Article 66 of Regulation (EU) 2024/1689 — Structure of the Board. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 66 of Regulation (EU) 2024/1689 (the EU AI Act) defines the composition and structural rules governing the European Artificial Intelligence Board (the AI Board). The Board is constituted as a Union-level advisory and coordination body, bringing together one representative per Member State drawn from the designated national competent authority responsible for AI supervision. Where the supervisory function is distributed across multiple national authorities, Member States must designate a single coordinating representative.
The European Data Protection Supervisor sits on the Board as a non-voting member, acknowledging the deep interdependence between AI regulation and the rights framework established under the GDPR and the Law Enforcement Directive. The European Commission holds the chair of the Board but, crucially, without voting rights — a structural choice that preserves the intergovernmental character of Board decisions and prevents the Commission from dominating outcomes on enforcement coordination.
Provision is made for the Board to invite observers to its proceedings. This includes, where appropriate, representatives from third countries and relevant international organisations, enabling the Board to engage with global AI governance developments and promote regulatory convergence. The AI Board's structure mirrors established practice from bodies such as the European Data Protection Board, adapting that model to the specific multi-sectoral character of AI oversight under the Act.
What This Means in Practice
Article 66 is foundational infrastructure: it does not impose obligations directly on AI providers, deployers, or importers, but it determines the governance architecture through which the entire EU AI Act is supervised and enforced. Understanding its structure is essential for any organisation navigating the Act's compliance landscape.
For businesses operating across multiple Member States, the AI Board's composition matters because it is the body that coordinates consistent enforcement. When national market surveillance authorities interpret obligations differently — for example, on what constitutes a high-risk AI system under Annex III — the AI Board is the forum where harmonised guidance is developed. A company challenging an enforcement decision in one jurisdiction may find that the Board's opinions and guidelines inform how courts and authorities across the Union read identical provisions.
For organisations subject to GDPR simultaneously with the AI Act, the non-voting presence of the European Data Protection Supervisor signals that data protection considerations are structurally embedded in AI Board deliberations. Compliance programmes should treat AI governance and data governance as integrated, not parallel, workstreams.
For multinational technology companies with non-EU headquarters, the observer mechanism matters. Third-country regulatory bodies and international standards organisations may participate in Board proceedings, creating opportunities for regulatory dialogue but also for positions developed outside the EU to influence the Board's guidance documents and recommendations.
For public sector deployers and notified bodies, the Board's membership structure — senior representatives from national competent authorities — indicates the seniority of regulatory engagement they should anticipate when matters are escalated to Union level.
Key Obligations
- Each Member State must designate one high-level representative from its national competent authority to sit on the AI Board, with the option to designate an alternate.
- Where AI supervisory competence is shared across multiple national bodies, the Member State must identify a single coordinating representative for Board purposes, avoiding fragmentation of national positions at Union level.
- The European Commission must chair the AI Board without voting rights, maintaining procedural neutrality between Member States while retaining a facilitative and agenda-setting role.
- The European Data Protection Supervisor must be invited to participate in AI Board proceedings as a non-voting member, institutionalising data protection expertise within AI governance deliberations.
- The AI Board must maintain the capacity to invite observers — including third-country representatives and international organisations — on a case-by-case basis where their participation serves the Board's mandate.
- Member State representatives on the Board must hold positions of sufficient seniority and authority to engage substantively on cross-border enforcement coordination, mutual assistance, and Union-level AI policy development.
Relationship to Other Articles
Article 66 must be read as the structural foundation for the entire governance Title VII. It establishes who sits on the Board; the subsequent articles define what the Board does. Article 67 sets out the Board's tasks — issuing opinions, recommendations, and guidance — which can only be understood once Article 66 defines whose collective voice those outputs represent. Article 68 governs the AI Office, the Commission body that works alongside the Board and holds specific responsibilities for general-purpose AI model oversight; the relationship between the Board and the AI Office is one of the Act's key institutional dynamics.
Article 70 (confidentiality) and Article 71 (market surveillance) both operate downstream of the governance structure Article 66 creates. Article 6 and Annex III (classification of high-risk AI systems) are areas where the Board's harmonisation function — enabled by Article 66's composition — becomes practically significant for regulated entities. The Board's structural connection to data protection authorities via the EDPS seat also creates interpretive bridges to Article 10 (data governance) and Article 26 (obligations of deployers), where data protection and AI compliance intersect most acutely.
Compliance Timeline
Article 66 entered into force on 1 August 2024, the date the EU AI Act was published and became binding Union law. The AI Board's structural provisions apply from that date, and Member States were required to begin the process of designating national competent authorities — and therefore their Board representatives — accordingly.
The phased application schedule that governs substantive obligations does not directly alter Article 66's effect: the Board exists and operates throughout all phases. However, its practical significance intensifies at each application milestone. From February 2025, when prohibited AI practices became enforceable, the Board's coordination role on consistent prohibition-related enforcement became immediately relevant. From August 2025, with GPAI model obligations applying, the Board's engagement with AI Office oversight of foundation model providers became active. From December 2026 and August 2027, as high-risk AI system requirements apply progressively, the Board's role in harmonising market surveillance across Member States reaches full operational intensity. Organisations should monitor Board opinions and guidance documents issued at each phase, as these carry significant interpretive weight for national enforcement.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
Article 66 establishes the European Artificial Intelligence Board (AI Board), a Union-level governance body composed of one high-level representative from each Member State's national competent authority, plus the European Data Protection Supervisor as a non-voting member. The Commission chairs the Board without voting rights.
Each Member State designates a representative from its national competent supervisory authority responsible for AI Act enforcement. Member States may also designate an alternate representative. The representative must hold a senior position reflecting the significance of AI governance at national level.
No. The European Data Protection Supervisor participates in the AI Board as a non-voting member, reflecting the intersection of AI regulation and data protection law without creating a formal supervisory overlap.
The European Commission chairs the AI Board. The Commission representative does not hold voting rights, ensuring that the Board's decisions rest with Member State representatives rather than the Commission itself.
Yes. Article 66 provides that the AI Board may invite observers, including representatives of third countries and international organisations, where appropriate. This facilitates international alignment on AI governance without granting external parties formal decision-making power.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.